Re: [HACKERS] backend/frontend communication

On , 28 May 1998, at 07:40:37, Tom Ivar Helbekkmo wrote:

> > I'm rewriting my SSL for patch so it's a little less messy, [...]
>
> Does this mean that you're adding a facility for an encrypted data
> stream between server and clients?  If so, great!  Are you adding this
> in such a way that other mechanisms than SSL can be facilitated?  I'd
> like to take a shot at adding Kerberos IV encryption to your model...

Once the patch is rewritten, yes, all fe/be communication will take
place in two functions, pq_read and pq_write.  It'll take a little
more to make it completely modularized (once bruce removes the exec()
it will make things much better -- as it is the SSL connection must be
renegotiated at that point) but I think it is worth the effort.  I may
go as far as to allow pluggable transport mechanisms and
authentication.

It's a work in progress.  The info page is at
http://www.chicken.org/pgsql/ssl/

It details some of the changes I plan to make, as well as a short
description of the patch and how I feel about the fe/be communication.
However, it is probably poorly written, so I should probably change
that.

I warn against using it at this point -- libpq is the only interface
guarunteed to work, which means no perl interface without some ugly
hacking.  This will change.